Summary: | net-im/gaim-1.1.4 contains security fixes | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Don Seiler (RETIRED) <rizzo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | gaim-bugs |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | All | | |
Whiteboard: | A3 [glsa] | | |
Package list: | | Runtime testing required: | --- |

Description
Don Seiler (RETIRED)
2005-02-24 19:32:14 UTC
was fixed in 1.1.3:

Remote DoS on receiving malformed HTML (CAN-2005-0473)
Remote crash. Receiving malformed HTML can result in an invalid memory access causing Gaim to crash.

AIM/ICQ remote denial of service (CAN-2005-0472)
Certain malformed SNAC packets sent by other AIM or ICQ users can trigger an infinite loop in Gaim when parsing the SNAC. The remote user would need a custom client, able to generate malformed SNAC

sparc-a-go-go.

1.1.3 fixed CAN-2005-0473, but opened yet another, almost identical security issue, CAN-2005-0208. So 1.1.4 does contain security fixes (see http://gaim.sourceforge.net/security/index.php).

Yes. So 1.1.4 contains all three fixes, as 1.1.3 had not yet made stable on all ARCHes. I've marked stable on x86, as that is my playground. Removing cc on x86 team.

was fixed in 1.1.4:

Client crashes when receiving specific malformed HTML (CAN-2005-0208)
Remote crash. Receiving malformed HTML can result in an invalid memory access causing Gaim to crash.

stable on amd64

stable on ppc64

stable on mips

http://bugs.gentoo.org/show_bug.cgi?id=83253

Stable on alpha.

removing ia64
been marked stable without notice
no entry in Changelog but cvs log gives:
revision 1.4
date: 2005/02/25 16:19:09; author: agriffis; state: Exp; lines: +2 -2
stable on ia64 #83253 (Portage version: 2.0.51-r15)

Marked stable on ppc by blubb.

Vapier gave the OK to mark stable on HPPA and ARM. I have done this. That is the last of the arches.

GLSA 200503-02